7dd3f3179b79f35d0006b8561de23b75fd5de295643a48f7f1bbd39fe6ecc06a | Triage

Resubmissions

13/03/2024, 05:11

240313-fvd2vsfd22 1

13/03/2024, 05:09

240313-ftkg9ade61 1

Analysis

max time kernel
1s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
13/03/2024, 05:11

Sharing

Report Analysis Logs

General

Target

Downloader.bat
Size

269B
MD5

9a75419a719b9724e6c9fea4b01130b0
SHA1

53e20398e830115b07181e79d9d89c56bce3376f
SHA256

7dd3f3179b79f35d0006b8561de23b75fd5de295643a48f7f1bbd39fe6ecc06a
SHA512

ecaf3aebdb6b7c9eddae0c313c7a5b715167b9071e365fb5f53fc3d46906caf0c2fdb6b4e440c0cd1eb8758e1a7c6c094ac89238f51b0eda46035d14daa19782

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 1860	2376	cmd.exe	81
PID 2376 wrote to memory of 1860	2376	cmd.exe	81

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Downloader.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\system32\curl.exe
  curl -o https://cdn.discordapp.com/attachments/1203539560856821800/1214035019396423690/ValorantSwapper.bat?ex=65f7a538
  2⤵
  PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads